Cisco CDA does not connect to domain controller

keithsauer507
Level 5

Hello,

I am trying to install the Cisco CDA (Context Directory Agent) to bridge the windows identity gap between Active Directory and Cisco IronPort WSA and eventually ASA.

I followed all the rules in the deployment instructions and I still cannot get this to connect.  With a Domain Admin it always refuses the password.  I then decided to try creating a new account as a domain user called CDAService and I followed the extra steps required to grant this user the proper access to the specific registry keys, DCOM and WMI, and they were added to the Event Log Readers group in AD.  Though the error with this new user account is this:

exception-cause
org.jinterop.dcom.common.JIRuntimeException: The RPC server is unavailable. Please check if the COM server is up and running and that route to the COM Server is accessible (A simple "Ping" to the Server machine would do). Also please confirm if the Windows Firewall is not blocking DCOM access. [0x800706BA]
wmi-class
Win32_NTDomain
exception-message
The RPC server is unavailable. Please check if the COM server is up and running and that route to the COM Server is accessible (A simple "Ping" to the Server machine would do). Also please confirm if the Windows Firewall is not blocking DCOM access. [0x800706BA]
wmi-property
DomainName
dc-username
CDAService

I logged onto the console of our CDA virtual machine and I was able to ping the DC by name.  I also used the wbemtest utility on my workstation with the CDAService account to connect to the \root\cimv2 namespace, and I was able to pull Win32_ComputerSystem attributes from WMI with that account.  I am on the same subnet as the CDA appliance.

I double-checked the Windows Server 2008 R2 firewall on this DC, and the inbound rules that have to do with WMI (ASync-In, DCOM-In, WMI-In) are all set to allow inbound.

Any ideas how to get this to work?  It's a Server 2008 R2 level domain.
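As an added example (not part of the original post), the following PowerShell reproduces the exact query named in the CDA log, Win32_NTDomain.DomainName, from a Windows host using the service account. The DC name DC01 and the account CONTOSO\CDAService are placeholders. Get-WmiObject is used deliberately: like the CDA's j-Interop client it speaks DCOM/RPC (TCP 135, then a dynamic RPC port), so a failure here reproduces the 0x800706BA condition; Get-CimInstance would go over WinRM by default and would not exercise that path at all.

```powershell
# Added example, not from the original thread: reproduce the CDA's WMI query
# over DCOM with the CDA service account. DC01 and CONTOSO\CDAService are
# placeholders; replace them with your own domain controller and account.
param(
    [string]$DomainController = 'DC01',
    [string]$ServiceUser      = 'CONTOSO\CDAService'
)

function Test-WmiDcom {
    param([string]$Computer, [pscredential]$Credential)

    # Step 1: TCP 135, the RPC endpoint mapper that every DCOM session starts with.
    # A raw TcpClient is used so this also runs on PowerShell versions that lack
    # Test-NetConnection.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Computer, 135)
        Write-Host "TCP 135 to $Computer : open"
    } catch {
        Write-Host "TCP 135 to $Computer : blocked ($($_.Exception.Message))"
        return
    } finally {
        $client.Close()
    }

    # Step 2: the same class/property the CDA error reports. After the port-135
    # handshake the DC answers on a dynamic RPC port (49152-65535 by default on
    # Server 2008 R2); if only 135 is open this call is what fails.
    try {
        $dom = Get-WmiObject -Class Win32_NTDomain -ComputerName $Computer `
                             -Credential $Credential -ErrorAction Stop
        $dom | Select-Object DomainName, DnsForestName, DomainControllerName |
               Format-Table -AutoSize
    } catch [System.Runtime.InteropServices.COMException] {
        # 0x800706BA = RPC_S_SERVER_UNAVAILABLE, the HRESULT in the CDA log above
        $hr = '0x{0:X8}' -f $_.Exception.ErrorCode
        Write-Host "WMI failed with HRESULT $hr : $($_.Exception.Message)"
    } catch {
        Write-Host "WMI failed: $($_.Exception.Message)"
    }
}

$cred = Get-Credential -UserName $ServiceUser -Message 'CDA service account password'
Test-WmiDcom -Computer $DomainController -Credential $cred
```

Run it from a host on the same subnet as the CDA so the DC's firewall evaluates a comparable source address; a clean result here with the Domain profile firewall on, but a failure from the appliance, points at rule scoping rather than at the account or the WMI namespace permissions.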

4 Replies

keithsauer507
Level 5

Oh, I also turned on Windows Firewall logging and I see the IP address of the CDA ALLOW TCP to the DC IP address port 135.  So it's getting in.

OK, with the Windows Firewall off for the domain profile, it works.  However, we want the firewall on.

I ran this command just like the instructions said, but I guess there is something else the firewall is blocking?

netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes

 

Here is the installation guide I am following:

http://www.cisco.com/c/en/us/td/docs/security/ibf/cda_10/Install_Config_guide/cda10/cda_install.html#81257

OK, no idea what is blocking it, so I created a new rule for any protocol in from the IP address of the CDA appliance, to allow this connection.

It seems to be communicating to my DCs now.

The documentation needs to be updated because it's more than just the 4 WMI (Async-In, WMI-In, DCOM-In, WMI-Out) rules.
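The thread ends with an "any protocol from the CDA address" rule, which works but is broader than DCOM needs. As an added example (not from the original thread), the PowerShell below is run on the DC: it enables drop logging for the Domain profile, summarises which protocol/port pairs from the CDA are being dropped in pfirewall.log (the verbatim log format is date, time, action, protocol, src-ip, dst-ip, src-port, dst-port, ...), and then adds rules scoped to the CDA address and to what DCOM/WMI actually uses: TCP 135 for the endpoint mapper plus the dynamic RPC range, which defaults to 49152-65535 on Server 2008 R2. The address 10.0.0.50 is a placeholder for the appliance.

```powershell
# Added example, not from the original thread. Run on the domain controller.
# 10.0.0.50 is a placeholder for the CDA appliance address.
$CdaIp  = '10.0.0.50'
$LogPath = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"

# 1. Log dropped packets for the Domain profile, then reproduce the CDA failure
#    (restart the CDA's AD connection) so the drops land in the log.
netsh advfirewall set domainprofile logging droppedconnections enable
netsh advfirewall set domainprofile logging filename "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"

# 2. Summarise DROP entries from the CDA by protocol and destination port. The
#    ports listed are the ones the WMI rule group did not cover for this source.
#    pfirewall.log is W3C style: date time action protocol src-ip dst-ip src-port dst-port ...
function Get-DroppedFromHost {
    param([string]$Path, [string]$SourceIp)
    Get-Content $Path |
        Where-Object { $_ -match '^\d{4}-\d{2}-\d{2} ' } |   # skip the #Version/#Fields header lines
        ForEach-Object {
            $f = $_ -split ' '
            [pscustomobject]@{
                Action  = $f[2]; Proto = $f[3]
                Src     = $f[4]; Dst   = $f[5]
                SrcPort = $f[6]; DstPort = $f[7]
            }
        } |
        Where-Object { $_.Action -eq 'DROP' -and $_.Src -eq $SourceIp } |
        Group-Object Proto, DstPort |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}
Get-DroppedFromHost -Path $LogPath -SourceIp $CdaIp

# 3. Replace "any protocol from $CdaIp" with what DCOM/WMI actually needs, both
#    limited to the CDA address and the Domain profile:
#    - TCP 135: RPC endpoint mapper, where every DCOM session starts
#    - TCP 49152-65535: the default dynamic RPC range on Server 2008 R2, on which
#      the WMI service (svchost.exe hosting winmgmt) answers after the handshake
netsh advfirewall firewall add rule name="CDA WMI - RPC endpoint mapper" dir=in action=allow profile=domain protocol=TCP localport=135 remoteip=$CdaIp
netsh advfirewall firewall add rule name="CDA WMI - RPC dynamic ports" dir=in action=allow profile=domain protocol=TCP localport=49152-65535 remoteip=$CdaIp program="%SystemRoot%\system32\svchost.exe" service=winmgmt

# Optional: show the current dynamic range so the rule above matches the host.
# If it has been narrowed with "netsh int ipv4 set dynamicport tcp ...", adjust
# localport accordingly.
netsh int ipv4 show dynamicport tcp
```

The drop summary from step 2 is the check to run before adding anything: if the only dropped destination ports fall inside the dynamic RPC range, the two scoped rules are sufficient and the any-protocol rule can be deleted; if other ports appear (for example 445 for SMB or 389 for LDAP), the CDA is using more than WMI and each of those should get its own equally narrow rule rather than a blanket allow.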

Hi mate, can you please look at my post and suggest me something on CDA-WSA? Here is the link
